Problems with Seafile Pro installation (Docker, LetsEncrypt activated)

Hey guys,

I would like to install Seafile Pro (Docker) with the following installation guide, but somehow I ran into problems while setting up the Docker container with the LetsEncrypt option activated.

I installed Docker version 17.12.0-ce on an Ubuntu 16.04 server and opened ports 443/tcp and 80/tcp with ufw. To install the Seafile Pro server I ran the recommended default docker command from the guide I mentioned above.

At first everything looked fine! Docker downloaded the right image after logging in to the docker host. I also got access to the web interface after everything was set up. But when I wanted to start it up again (docker stop seafile and after that docker rm seafile) with the SEAFILE_SERVER_LETSENCRYPT option activated, Docker won’t start.

docker run -d --name seafile \
-e SEAFILE_SERVER_LETSENCRYPT=true \
-e SEAFILE_SERVER_HOSTNAME=[my.domain.de] \
-e SEAFILE_ADMIN_EMAIL=[my@domain.de] \
-e SEAFILE_ADMIN_PASSWORD=[my_password] \
-v /data/docker-data/seafile:/shared \
-p 80:80 \
-p 443:443 \
docker.seadrive.org/seafileltd/seafile-pro:latest

When looking into the logs, there were the following messages:

[2018-07-17 20:48:16] Starting letsencrypt verification
Cloning into '/shared/ssl/letsencrypt'...
fatal: unable to connect to github.com:
github.com: Temporary failure in name resolution

Traceback (most recent call last):
  File "/scripts/start.py", line 85, in <module>
    main()
  File "/scripts/start.py", line 51, in main
    init_letsencrypt()
  File "/scripts/bootstrap.py", line 67, in init_letsencrypt
    call('/scripts/ssl.sh {0} {1}'.format(ssl_dir, domain))
  File "/scripts/utils/__init__.py", line 68, in call
    return subprocess.check_call(*a, **kw)
  File "/usr/lib/python2.7/subprocess.py", line 541, in check_call
    raise CalledProcessError(retcode, cmd)
subprocess.CalledProcessError: Command '/scripts/ssl.sh /shared/ssl my.domain.de' returned non-zero exit status 128
*** /scripts/start.py exited with status 1.
*** Shutting down runit daemon (PID 290)...
*** Running /etc/my_init.post_shutdown.d/10_syslog-ng.shutdown...
Jul 17 20:50:21 e0c8a1c07254 syslog-ng[27]: syslog-ng shutting down; version='3.5.6'
Jul 17 20:50:21 e0c8a1c07254 syslog-ng[27]: EOF on control channel, closing connection;
*** Killing all processes...

I’m not sure why Docker can’t connect to GitHub (as it says in the logs). I also got access to the Seafile Pro files (in the location I specified in the docker command). At first I thought that it could be a problem with the access rights for the ssl folder, but in the end it didn’t look like that after changing them briefly. I found nothing on Google about these problems, like the non-zero exit status 128 or the unable to connect to github.com error message, in relation to LetsEncrypt. Could someone give me a guess as to what I’m doing wrong?

Thanks for your help
Patrick

Sometimes it’s a problem with the DNS. Have you tried running it with the --dns=1.1.1.1 option?

Unfortunately, it doesn’t work with the --dns=1.1.1.1 option either. I got the same errors as before.

Have you already tried to get into the container and ping GitHub? If this doesn’t work, can you post your iptables rules for Docker?

Thanks for your advice @bionade24. I think I found the reason why my container doesn’t have internet access. Some time ago I added the iptables option to the /etc/docker/daemon.json file.

{
    "graph":"/data/docker-cache",
    "iptables":false,
    "dns":["1.1.1.1","1.0.0.1"]
}

This was because the ufw rules I had set were not being applied correctly. All of my ports were open at that time. But for testing, I have commented this option out now. My container gets a connection to the internet now, but after that I got a new error:

[2018-07-18 16:09:46] Preparing for letsencrypt ...
[2018-07-18 16:09:46] Starting letsencrypt verification
Cloning into '/shared/ssl/letsencrypt'...
Generating RSA private key, 4096 bit long modulus
............++
..............................................++
unable to write 'random state'
e is 65537 (0x10001)
Generating RSA private key, 4096 bit long modulus
....................................................................................................................................................................................++
.........................++
unable to write 'random state'
e is 65537 (0x10001)
Parsing account key...
Parsing CSR...
Found domains: my.domain.de
Getting directory...
Directory found!
Registering account...
Registered!
Creating new order...
Order created!
Verifying my.domain.de...
Traceback (most recent call last):
  File "/shared/ssl/letsencrypt/acme_tiny.py", line 198, in <module>
    main(sys.argv[1:])
  File "/shared/ssl/letsencrypt/acme_tiny.py", line 194, in main
    signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, log=LOGGER, CA=args.ca, disable_check=args.disable_check, directory_url=args.directory_url, contact=args.contact)
  File "/shared/ssl/letsencrypt/acme_tiny.py", line 144, in get_crt
    raise ValueError("Wrote file to {0}, but couldn't download {1}: {2}".format(wellknown_path, wellknown_url, e))
ValueError: Wrote file to /var/www/challenges/xjIeH-RI3IzJmcGUQa6_AYaGHJhNyZWYPEmva8G5d1w, but couldn't download http://my.domain.de/.well-known/acme-challenge/xjIeH-RI3IzJmcGUQa6_AYaGHJhNyZWYPEmva8G5d1w: Error:
Url: http://my.domain.de/.well-known/acme-challenge/xjIeH-RI3IzJmcGUQa6_AYaGHJhNyZWYPEmva8G5d1w
Data: None
Response Code: None
Response: <urlopen error [Errno 110] Connection timed out>
Traceback (most recent call last):
  File "/scripts/start.py", line 85, in <module>
    main()
  File "/scripts/start.py", line 51, in main
    init_letsencrypt()
  File "/scripts/bootstrap.py", line 67, in init_letsencrypt
    call('/scripts/ssl.sh {0} {1}'.format(ssl_dir, domain))
  File "/scripts/utils/__init__.py", line 68, in call
    return subprocess.check_call(*a, **kw)
  File "/usr/lib/python2.7/subprocess.py", line 541, in check_call
    raise CalledProcessError(retcode, cmd)
subprocess.CalledProcessError: Command '/scripts/ssl.sh /shared/ssl my.domain.de' returned non-zero exit status 1
*** /scripts/start.py exited with status 1.
*** Shutting down runit daemon (PID 290)...
*** Running /etc/my_init.post_shutdown.d/10_syslog-ng.shutdown...
Jul 18 16:12:02 40b0fa01d3c7 syslog-ng[27]: syslog-ng shutting down; version='3.5.6'
Jul 18 16:12:02 40b0fa01d3c7 syslog-ng[27]: EOF on control channel, closing connection;

(*) I edited my domain in the logs

EDIT:
I read that it’s only possible to try to validate a domain on LetsEncrypt 5 times in an hour without getting blocked, so I don’t want to test it too much.

Found the solution by myself! Port 80 was not opened because I deleted some of my rules earlier. Now everything works fine.
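
Added example, not part of the thread or of the Seafile scripts: a small Python triage helper that maps the two failure signatures from the logs above to the causes found here (the "iptables": false daemon setting breaking outbound DNS, and the HTTP challenge self-check timing out on port 80). The function name, the sample host seafile.example.org and the TOKEN placeholder are constructed for illustration.

```python
import json
import re

# Failure signatures taken from the two container logs in this thread.
DNS_FAIL = re.compile(r"^(\S+): Temporary failure in name resolution", re.M)
CHALLENGE_FAIL = re.compile(
    r"couldn't download (http://([^/\s]+)/\.well-known/acme-challenge/\S+?): Error")
TIMEOUT = "[Errno 110] Connection timed out"

# Constructed sample inputs (hostname and TOKEN are placeholders).
SAMPLE_DNS_LOG = """Cloning into '/shared/ssl/letsencrypt'...
fatal: unable to connect to github.com:
github.com: Temporary failure in name resolution
"""
SAMPLE_ACME_LOG = """Verifying seafile.example.org...
ValueError: Wrote file to /var/www/challenges/TOKEN, but couldn't download http://seafile.example.org/.well-known/acme-challenge/TOKEN: Error:
Response: <urlopen error [Errno 110] Connection timed out>
"""
SAMPLE_DAEMON_JSON = '{"iptables": false, "dns": ["1.1.1.1", "1.0.0.1"]}'


def diagnose(log_text, daemon_json_text="{}"):
    """Return (stage, finding) tuples for a failed Let's Encrypt container start."""
    findings = []
    daemon = json.loads(daemon_json_text)

    m = DNS_FAIL.search(log_text)
    if m:
        msg = "container cannot resolve %s" % m.group(1)
        # With "iptables": false Docker does not add its own NAT/forwarding
        # rules, so containers lose outbound access unless rules are added by hand.
        if daemon.get("iptables") is False:
            msg += '; daemon.json sets "iptables": false, so Docker adds no NAT rules'
        findings.append(("outbound", msg))

    m = CHALLENGE_FAIL.search(log_text)
    if m and TIMEOUT in log_text:
        # acme_tiny fetches the challenge file itself before asking the CA to
        # validate; a timeout means port 80 of the public name is not reachable.
        findings.append(("inbound",
            "HTTP-01 self-check of %s timed out; confirm 80/tcp reaches the container"
            % m.group(2)))
    return findings


if __name__ == "__main__":
    for log in (SAMPLE_DNS_LOG, SAMPLE_ACME_LOG):
        print(diagnose(log, SAMPLE_DAEMON_JSON))
```

Feed it the output of docker logs seafile together with the contents of /etc/docker/daemon.json to see which side of the firewall to look at first.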